# Copyright (C) 2002-2003, 2006, 2009 The Written Word, Inc.
# Copyright (C) 2000-2001 The Written Word, LLC
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# $Id: https.py 694 2010-02-19 14:55:45Z china $

import pycurl

from depot.http import http

class https (http):
  # Handle protocol specific authentication
  def _protocol_auth (self, c):
    if self.auth.login:
      c.setopt (pycurl.USERPWD, self.auth.login + ':' +
                (self.auth.passwd or ''))

    c.setopt (pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1)
    c.setopt (pycurl.SSLCERTTYPE, "PEM")

    # XXX VERIFYHOST should be 2, as long as the server always
    #     returns a valid certificate for itself...
    c.setopt (pycurl.SSL_VERIFYHOST, 0)
   
    # XXX VERIFYPEER should be 1, once we know where the certs are
    c.setopt (pycurl.SSL_VERIFYPEER, 0)
    #c.setopt (pycurl.SSL_VERIFYPEER, 1)
    #c.setopt (pycurl.CAPATH, "/path/to/peer/cert/directory/")
    #c.setopt (pycurl.CAINFO, "/path/to/peer/cert/file.crt")

